General

  • Target

    1f96941dc2540d33d143719ec73bb9cc.exe

  • Size

    1MB

  • Sample

    230326-h94beahg5y

  • MD5

    1f96941dc2540d33d143719ec73bb9cc

  • SHA1

    c89543d4efcb4e8f74a2716dcb9bb2fbd2f94cee

  • SHA256

    6385b31519c35421fe238e9e51ff6aee15c9e3719eaeb1d86aaea0b074be687b

  • SHA512

    7bb6cd9e680b5f851249b1d77c507e2f7623af1828bbdfb4ac13e29c92b484bf02c906de23cfa8853ebf390ebc87380bd87d15a8bfb2c1487eb0fa644b0dea80

  • SSDEEP

    24576:LR9Ot09OX7l348A5NyRQ80zEbiRRCRnOO8v6JnOk6PzdNhCQa61NEzMvPJgqqaF6:hz+Rn0tqaWxuGND

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

ZF

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:11334

139.180.143.50:6606

139.180.143.50:7707

139.180.143.50:8808

139.180.143.50:11334

Note: 127.0.0.1 is the AsyncRAT builder's default Hosts value, and the extractor emits every host x port pairing from the config's comma-separated Hosts and Ports strings (the client picks a host and a port at random on each connect attempt). The loopback entries are therefore filler, not indicators; the actionable C2 is 139.180.143.50 on ports 6606, 7707, 8808 and 11334.

Mutex

GPT_Conn4

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

Note: with install set to false the AsyncRAT client skips its own install routine (copying itself to install_folder and registering persistence), so the Run key reported under Targets was not written by that routine; check which process actually set the value, since it points at a loader or packer wrapped around the payload rather than the RAT itself.

aes.plain
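The C2 list above mixes the builder's loopback defaults with the real server, and the ports are operator-chosen. The following Python is an added example, not part of the sandbox report or of AsyncRAT: it takes the endpoints exactly as listed above, drops the non-routable pairs, and sweeps a constructed connection log for exact host+port hits and for traffic to the C2 host on an unconfigured port. The log format (timestamp, source, source port, destination, destination port, protocol) and the log lines themselves are assumed for illustration; only the hosts, ports and mutex come from the report.

```python
"""Turn the extracted AsyncRAT config into actionable indicators and sweep
connection logs for them. Added example; the log lines are constructed."""
import ipaddress

# C2 endpoints copied verbatim from the extracted config in the report above.
C2_ENDPOINTS = [
    "127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808", "127.0.0.1:11334",
    "139.180.143.50:6606", "139.180.143.50:7707", "139.180.143.50:8808",
    "139.180.143.50:11334",
]
MUTEX = "GPT_Conn4"  # from the extracted config; used for host-side triage

# Constructed sample log (assumed format: ts src sport dst dport proto).
SAMPLE_CONN_LOG = """\
2023-03-26T08:12:01Z 10.0.0.15 49712 139.180.143.50 6606 tcp
2023-03-26T08:12:04Z 10.0.0.15 49713 142.250.74.46 443 tcp
2023-03-26T08:12:09Z 10.0.0.15 49714 139.180.143.50 443 tcp
2023-03-26T08:12:15Z 10.0.0.22 50120 139.180.143.50 11334 tcp
2023-03-26T08:12:20Z 10.0.0.22 50121 127.0.0.1 6606 tcp
"""


def parse_endpoint(endpoint):
    """Split 'host:port' into (host, port); rpartition keeps IPv6 hosts intact."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def actionable_c2(endpoints):
    """Return the (host, port) pairs worth alerting on.

    The extractor lists every host x port pairing from the config, and
    127.0.0.1 is AsyncRAT's default Hosts value, so loopback pairs are
    builder filler. Loopback, unspecified, link-local and RFC 1918 hosts
    are dropped; hostnames (non-IP values) are kept as-is.
    """
    keep = set()
    for ep in endpoints:
        host, port = parse_endpoint(ep)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            keep.add((host, port))
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_link_local or ip.is_private:
            continue
        keep.add((str(ip), port))
    return keep


def scan_connections(log_text, c2):
    """Match outbound connections against the C2 set.

    'exact' hits are host+port matches from the config. 'host_only' hits
    are traffic to a C2 host on a port the config does not list: AsyncRAT
    ports are operator-chosen, so a new port on a known C2 host still
    deserves a look.
    """
    c2_hosts = {host for host, _ in c2}
    exact, host_only = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _sport, dst, dport, _proto = line.split()
        dport = int(dport)
        if (dst, dport) in c2:
            exact.append((ts, src, dst, dport))
        elif dst in c2_hosts:
            host_only.append((ts, src, dst, dport))
    return {"exact": exact, "host_only": host_only}


def block_list(c2):
    """Unique C2 hosts for a firewall/DNS block list, plus the mutex for endpoint triage."""
    return {"hosts": sorted({host for host, _ in c2}), "mutex": MUTEX}


if __name__ == "__main__":
    c2 = actionable_c2(C2_ENDPOINTS)
    print("actionable C2:", sorted(c2))
    for kind, hits in scan_connections(SAMPLE_CONN_LOG, c2).items():
        for hit in hits:
            print(kind, *hit)
    print(block_list(c2))
```

Run against the constructed log, the two connections to 139.180.143.50 on 6606 and 11334 come back as exact hits, the one on 443 as a host-only hit, and the loopback connection is ignored because it never entered the C2 set.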

Targets

    • Target

      1f96941dc2540d33d143719ec73bb9cc.exe

    • Size

      1MB

    • MD5

      1f96941dc2540d33d143719ec73bb9cc

    • SHA1

      c89543d4efcb4e8f74a2716dcb9bb2fbd2f94cee

    • SHA256

      6385b31519c35421fe238e9e51ff6aee15c9e3719eaeb1d86aaea0b074be687b

    • SHA512

      7bb6cd9e680b5f851249b1d77c507e2f7623af1828bbdfb4ac13e29c92b484bf02c906de23cfa8853ebf390ebc87380bd87d15a8bfb2c1487eb0fa644b0dea80

    • SSDEEP

      24576:LR9Ot09OX7l348A5NyRQ80zEbiRRCRnOO8v6JnOk6PzdNhCQa61NEzMvPJgqqaF6:hz+Rn0tqaWxuGND

    • AsyncRat

      AsyncRAT is an open-source remote access tool written in C#, designed to remotely monitor and control other computers.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check before the payload runs.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            Hits  ID
Persistence      Registry Run Keys / Startup Folder   1     T1060
Defense Evasion  Modify Registry                      1     T1112
Discovery        Query Registry                       1     T1012
Discovery        System Information Discovery         2     T1082

The Hits column is the number of signatures from this report mapped to each technique. The IDs follow ATT&CK v6: T1060 was retired in later versions and now maps to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), so use that ID when loading these into a current ATT&CK Navigator layer; T1112, T1012 and T1082 are unchanged.

Tasks